Web application penetration testing

Penetration testing of Web applications involves identification of security weaknesses and vulnerabilities caused by insecure coding practices, misconfiguration and bugs. It is usually performed on a test instance of the application but can also be performed on the live instance in certain cases. The penetration testing process involves analysing, modifying and creating specially crafted HTTP requests to identify and exploit any vulnerabilities that may exist in the application and usually covers at least the following Top 10 areas of risk as identified by the Open Web Applications Security Project (OWASP):